The increasing breadth of the security market makes it a challenge to differentiate between signal and noise across a wide swath of products in a managed security services setting. For example, the challenge may include attempting to detect security incidents from two trillion event instances per month, spanning 72,000 event types per month, which are produced by 100 different security products.
Additionally, it is difficult to score a confidence level that estimates whether a security event indicates the occurrence of a security incident that justifies further investigation and attention. Event rankings are important because they provide insight into potential security threats and they can also form the basis for automated incident detection. Nevertheless, as discussed further below, some security solutions for identifying, detecting, and/or ranking security events and associated security incidents are not optimized along one or more dimensions. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for detecting security incidents.